Stronger Algorithms for IPsec

The Solaris 10 5/09 release introduces the following algorithms for IPsec and
IKE:

Three larger Diffie-Hellman integer-modulus groups including
2048-bit, 3072-bit, and 4096-bit – The larger Diffie-Hellman groups
are available in IKE Phase 1 and Phase 2. The groups are specified by group
number 14 for 2048-bit, 15 for 3072-bit, and 16 for 4096-bit, per RFC 3526.

SHA-2 series of hashes including sha256, sha384, and sha512–
SHA-2 using HMAC is available for IPsec's Authentication Header (AH) and ESP,
and for IKE during its interactions. SHA-2 is used in IPsec per RFC 4868,
with truncated ICV lengths of 16 bytes for SHA256, 24 bytes for SHA384, and
32 bytes for SHA512.